moviemode.48ca2aefa22d.dll

GenTechnologies Apps, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and modify the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The module moviemode.48ca2aefa22d.dll by GenTechnologies Apps has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
GenTechnologies Apps, LLC (signed and verified)

MD5:
4b596589f9565cdb6521defc6677482d

SHA-1:
f21179b49168d6beaa8c1e41da9b6cf7df22b4a1

SHA-256:
63a0ba5bccf6401e69f15b234cbaca99b01dada7a5b3ee12a0de2ad20b4023be

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/23/2024 6:02:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.GenTechnologiesApps

Engine version:
15.5.22.13

File size:
1.1 MB (1,152,144 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Windows\System32\moviemode.48ca2aefa22d.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/30/2013 1:00:00 AM

Valid to:
5/31/2014 12:59:59 AM

Subject:
CN="GenTechnologies Apps, LLC", O="GenTechnologies Apps, LLC", STREET=640 Grand Avenue, STREET=Suite E, L=Carlsbad, S=California, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D4A5EDA561071FC293924D6DFC6300

File PE Metadata
Compilation timestamp:
2/6/2014 7:22:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Rfb7ja16Lr6vGj0e659kqCXoDjdS37AmiAbGKsBZnLTSm8:tC12UGYe6ZA37AmiAZsBNT38

Entry address:
0xAC324

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 14, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 10, 11, 10, 00, 74, 05, E9, 67, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...

Entropy:
6.2520

Code size:
797.5 KB (816,640 bytes)

Remove moviemode.48ca2aefa22d.dll - Powered by Reason Core Security